[comp.virus] New Leprosy signature?

jguo@cs.NYU.EDU (Jun Guo) (02/10/91)

Hi,

   I downloaded the new signature file
anonymous/pub/virus/pc/virus.new from beach.gal.utexas.edu. But then
F-FCHK tells me Turbo Debugger 1.0 TD.OVL and Turbo C++ 1.0 TCLASSS.LIB
were infected by Leprosy. Is the new signature appropriate?

    The new signature is:
Leprosy     iHNjpjKmumoXO8rHxotuxiWmtHW5mK4bD51CMK4Em5tnCG

   When I used F-DISINF, it reported a possible unknown virus infection.
I use NEC MS-DOS 3.30 to get around the 32MB partition limit. But is
there really some virus? The dump of the boot by F-BOOT:

F-BOOT    Shows the boot sector    Version 1.14A - Jan. '91

   And when I use F-SYSCHK, the process slows down considerably when
it gets to Lehigh. Before that one, I can hardly tell which virus it is
currently checking for, but beginning with Lehigh, it is much slower. Is
that normal? Or does that suggest some problem?

   Thanks a lot.

Jun